CCNA思科认证助理网络工程师课件：19 无线

WirelessLANsIntroducing

WLANsWirelessDataTechnologiesWirelessDataTechnologies(Cont.)WirelessLAN(WLAN)AWLANisasharednetwork.无线是共享网络Anaccess

pointisashareddeviceandfunctionslikeasharedEthernethub.AP就是共享点，相当于HUBDataistransmitted

overradiowaves.数据传输是无线电波Two-wayradiocommunications

(half-duplex)areused.

工作在半双工Thesameradiofrequencyisused

forsendingandreceiving(transceiver).

相同的电波发送WLANEvolutionWarehousing仓库Retail零售Healthcare卫生保健Education教育Businesses商业Home家庭WhatAreWLANs?Theyare:Local本地的Inbuildingorcampusformobileusers建筑物和校园内移动用户Radioorinfrared无线电波和红外NotrequiredtohaveRFlicensesinmostcountries

多数国家不要无线射频许可Usingequipmentownedbycustomers

自己建立设备Theyarenot:WANorMAN

networksCellularphones

networksPacketdatatransmissionviacelluarphonenetworksCellulardigitalpacketdata(CDPD)

蜂窝移动Generalpacketradioservice(GPRS)

普通包分组交换2.5Gto3GservicesSimilaritiesBetweenWLANandLANAWLAN

isan802LAN.Transmitsdataovertheairvs.dataoverthewire

传输数据在无线网络Lookslikeawirednetworktotheuser

像有线网络Definesphysicalanddatalinklayer

定义了物理和数据链路层UsesMACaddresses

用MAC地址Thesameprotocols/applicationsrunoverbothWLANsandLANs.IP(network

layer)IPSec

VPNs(IP-based)Web,FTP,SNMP(applications)DifferencesBetweenWLANandLANWLANsuseradio

wavesasthephysicallayer.WLANsuseCSMA/CAinsteadofCSMA/CDtoaccessthenetwork.

用CSMA/CARadiowaveshaveproblemsthatarenotfoundonwires.Connectivityissues.Coverageproblems

覆盖问题Multipathissues

信号问题Interference,noise

干扰问题Privacyissues.WLANsusemobileclients.Nophysicalconnection.无物理连接Battery-powered.要动力WLANsmustmeetcountry-specificRFregulations.WirelessLANsDescribingWLAN

TopologiesWLANTopologiesWirelessclientaccess客户模式MobileuserconnectivityWirelessbridging无线桥LAN-to-LANconnectivityWirelessmesh

networking

无线网CombinationofbridginganduserconnectivityWLANandLANServiceSetIdentifier(SSID)SSIDisusedtologicallyseparateWLANs.SSID是逻辑的网络TheSSIDmustmatchonclientandaccesspoint.在服务器和客户端一样AccesspointbroadcastsoneSSIDinbeacon.广播在同一SSIDClientcanbeconfiguredwithoutSSID.客户不配置SSIDClientassociationsteps:Clientsendsproberequest.

客户发送请求Apointsendsproberesponse.

服务端发送回答Clientinitiatesassociation.

客户发送连接Apointacceptsassociation.

服务端接受连接ApointaddsclientMACaddresstoassociationtable.

服务端加入MACWLANAccessTopologyWirelessRepeaterTopologyAlternativePeer-to-PeerTopologyServiceSetsandModesAdhocmodeIndependentBasicServiceSet(IBSS)中立基本服务Mobileclientsconnectdirectlywithoutanintermediateaccesspoint.Infrastructuremode下部结构模式BasicServiceSetMobileclientsuseasingleaccesspointforconnectingtoeachotherortowirednetworkresources.ExtendedServicesSetTwoormoreBasicServiceSetsareconnectedbyacommondistributionsystem.ClientRoamingRoaming

withoutinterruption

requiresthe

sameSSIDonallaccesspoints.

漫游要相同的SSIDLayer2vs.Layer3RoamingWirelessLANsExplainingWLANTechnologyandStandardsUnlicensedFrequencyBandsISM:Industry,scientific,andmedicalfrequencyband工业科学利用Nolicenserequired

没有许可证Noexclusiveuse

不是专用Besteffort

尽力传输Interferencepossible

冲突产生RadioFrequencyTransmissionRadiofrequenciesareradiatedintotheairviaanantenna,creatingradio

waves.Radiowavesareabsorbedwhentheyarepropagatedthroughobjects(e.g.,walls).Radiowavesarereflectedbyobjects

(e.g.,metalsurfaces).Thisabsorptionandreflectioncancauseareasoflowsignalstrengthorlowsignalquality.无线频率周期的发送通过天线当它们通过障碍物时，被繁殖无线电波被吸收无线电波由对象反射这吸收和反射可能导致低信号强度或低信号质量区域。RadioFrequencyTransmissionHigherdatarateshaveashortertransmissionrange.ThereceiverneedsmoresignalstrengthandbetterSNRtoretrieveinformation.Highertransmitpowerresultsingreaterdistance.Higherfrequenciesallowhigherdatarates.Higherfrequencieshaveashortertransmissionrange.更高的数据速率有一个更短的传输范围接收器需要更多信号强度和更好的SNR检索信息。更高传送在长距离的电力结果更高的频率允许更高的数据速率。更高的频率有一个更短的传输范围WLANRegulationandStandardizationRegulatoryagenciesFCC(UnitedStates)ETSI(Europe)StandardizationIEEE802.11/getieee802/CertficationofequipmentWi-FiAlliancecertifiesinteroperabilitybetweenproducts.Certificationsinclude802.11a,802.11b,802.11g,dual-bandproducts,andsecuritytesting.Certifiedproductscanbefoundat.©2005CiscoSystems,Inc.Allrightsreserved.802.11b802.11bStandardStandardwasratifiedinSeptember1999Operatesinthe2.4-GHzbandSpecifiesdirectsequencespreadspectrum(DSSS)Specifiesfour

dataratesupto11Mbps1,2,5.5,11MbpsProvidesspecificationsforvendorinteroperability(over

theair)Definesbasicsecurity,encryption,andauthenticationforthewirelesslinkIsthemostcommonlydeployedWLAN

standardChannelIdentifierChannelCenterFrequencyChannelFrequencyRange[MHz]RegulatoryDomainAmericasEurope,MiddleEast,andAsiaJapan12412MHz2401–2423XXX22417MHz2406–2428XXX32422MHz2411–2433XXX42427MHz2416–2438XXX52432MHz2421–2443XXX62437MHz2426–2448XXX72442MHz2431–2453XXX82447MHz2436–2458XXX92452MHz2441–2463XXX102457MHz2446–2468XXX112462MHz2451–2473XXX122467MHz2466–2478XX132472MHz2471–2483XX142484MHz2473–2495

X2.4-GHzChannels802.11b/g(2.4GHz)ChannelReuse

802.11bAccessPointCoverage©2005CiscoSystems,Inc.Allrightsreserved.802.11a802.11aStandardStandardwasratifiedSeptember1999Operatesinthe5-GHzbandUsesorthogonalfrequency-divisionmultiplexing(OFDM正交频分复用技术)Useseightdataratesofupto54Mbps6,9,12,18,24,36,48,54MbpsHasfrom12to23nonoverlappingchannels(FCC)Hasupto19nonoverlappingchannels(ETSI)RegulationsdifferentacrosscountriesTransmit(Tx)powercontrolanddynamicfrequencyselectionrequired(802.11h)802.11aChannelReuse802.11hDFSnotavailableManualchannelassignmentrequired802.11hDFSimplementedChannelassignmentdoneby

Dynamic

Frequency

Selection(DFS)Onlyfrequencybandscanbeselected©2005CiscoSystems,Inc.Allrightsreserved.802.11g802.11gStandardStandardwasratifiedJune2003Operatesinthe2.4-GHzbandas802.11bSamethreenonoverlappingchannels:1,6,11DSSS(CCK)andOFDMtransmission12data

ratesofupto54Mbps1,2,5.5,11Mbps(DSSS/802.11b)6,9,12,18,24,36,48,54Mbps(OFDM)Fullbackwardcompatiblityto802.11bstandard802.11gProtectionMechanismProblem:802.11bstationscannotdecode802.11gradiosignals.802.11b/gaccesspointcommunicateswith802.11bclientswithmax.11Mbps.802.11b/gaccesspointcommunicateswith802.11gclientswithmax.54Mbps.802.11b/gaccesspointactivatesRTS/CTStoavoidcollisionswhen802.11bclientsarepresent.802.11bclientlearnsfromCTSframethedurationofthe802.11gtransmission.Reducedthroughputiscausedbyadditionaloverhead.©2005CiscoSystems,Inc.Allrightsreserved.802.11StandardsComparison802.11StandardsComparison802.11b802.11g802.11aRatified199920031999Frequency

band2.4GHz2.4GHz5GHzNoofchannels33Upto23TransmissionDSSSDSSSOFDMOFDMData

rates

[Mbps]1,2,5.5,111,2,5.5,116,9,12,18,24,36,48,546,9,12,18,24,36,48,54Throughput[Mbps]Upto6Upto22Upto28RangeComparisonsRatifiedIEEE802.11Standards802.11:WLAN1and2Mbpsat2.4

GHz802.11a:WLAN54-Mbpsat5

GHz802.11b:WLAN11-Mbpsat2.4

GHz802.11d:Multipleregulatorydomains802.11e:Qualityofservice802.11f:Inter-AccessPointProtocol(IAPP)802.11g:WLAN54-Mbpsat2.4

GHz802.11h:DynamicFrequencySelection(DFS) TransmitPowerControl(TPC)at

5

GHz802.11i:Security802.11j:5-GHzchannels

forJapan/getieee802/©2005CiscoSystems,Inc.Allrightsreserved.WLANSecurityWLAN

SecurityThreatsMitigatingtheThreatsControlandIntegrityPrivacyandConfidentialityProtectionandAvailabilityAuthenticationEncryptionIntrusionDetectionSystem

(IDS)Ensurethatlegitimateclients

associatewithtrustedaccesspoints.Protectdataasitistransmittedandreceived.Trackandmitigateunauthorizedaccessandnetworkattacks.EvolutionofWLANSecurityNostrongauthenticationStatic,

breakablekeysNotscalableInitial

(1997)Encryption(WEP)Interim

(2001)802.1xEAPDynamickeysImprovedencryptionUser

authentication802.1xEAP(LEAP,PEAP)RADIUSInterim

(2003)Wi-FiProtectedAccess(WPA)StandardizedImprovedencryptionStrong,userauthentication(e.g.,LEAP,PEAP,EAP-FAST)PresentWirelessIDSIEEE802.11iWPA2(2004)Identificationandprotectionagainstattacks,DoSAESstrongencryptionAuthenticationDynamickeymanagementWirelessClientAssociationAccesspointssendoutbeaconsannouncingSSID,datarates,

andotherinformation.AP发送明确的SSIDClientscansall

channels.

客户控制隧道Clientlistensforbeaconsandresponsesfrom

accesspoints.

客户监听响应Clientassociatestoaccesspointwithstrongest

signal.

客户发送连接信号给APClientwillrepeatscanifsignalbecomeslowtoreassociate

to

anotheraccesspoint(roaming).漫游时在发连接DuringassociationSSID,MAC

address

andsecuritysettingsare

sentfromtheclienttotheaccess